Status: August 2024
Switch to German version
This privacy policy provides you with information on how we, ATCP Management GmbH, handle your personal data when you register to use our Aroundtown App (hereinafter "App").
Data is considered personal if it relates to an identified or identifiable natural person. This includes, for example, your name, your address and your IP address. The provisions below serve to provide information as to the manner, extent and purpose in of the processing of your personal data by us.
We process personal data for the following purposes:
1.1 Registration to use the app
We process personal data for the purpose of registering to use the app, including processing your request to send you an access link to download and register in the app, as well as all other related matters. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in ensuring the security of our app, a user-friendly, effective and secure experience and smooth access.
1.2 Contact details in the context of business relationships
As part of the business relationship between our tenants and us, contact details of our tenants' contact persons may be required for the execution of the contractual relationship. In this case, we generally store the names and company contact details of our tenants' employees in accordance with the details from the company signature and the content of the communication. The legal basis is our legitimate interest in the effective management of our tenants, who make the app accessible to their employees, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
1.3 Communication via various communication channels
You may contact us via various channels, including by post, e-mail, fax or telephone. If we communicate, we share personal data with each other. Therefore, we may process your contact and communication data (e.g. messages, conversations, shared files). The purpose of this data processing is to enable ongoing communication between us and to take care of your request. Based on the communication channel used, additional data may be processed. For example, if we communicate via video conferencing tools, such tools may also process technical and service-related data to ensure an uninterrupted connection for our communication.
The legal basis for the processing relating to communication with you is Art. 6 para. 1 sentence 1 lit. b GDPR or, if the contact does not relate to the conclusion or performance of a contract, Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in having optimized and comprehensible communication processes with our customers and responding to their inquiries.
1.4 Data processing for IT and IT security purposes
We maintain and use IT systems to process personal data, in particular the app. We have implemented and constantly update our IT security measures for these IT systems in order to comply with our duties imposed by the GDPR and other IT and data security laws. For the aforementioned purposes, we may process information generated by such access, such as names, e-mail addresses and passwords, user names, nature and content of e-mails (including date and time), IP addresses, device information, network location.
This data is exclusively used to maintain and grant access to our IT systems and to ensure an appropriate IT security standard. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR and Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with Art. 32 para. 1 GDPR. We have a legitimate interest in using and maintaining our IT systems and protecting them from cyber threats and other security incidents that could harm our business or your data.
We may engage service providers to provide respective IT security measures. The data transfer to those service providers is justified under Art. 28 GDPR in connection with the order processing contract.
1.5 Other data processing purposes
In certain cases, we may process your personal data for the following purposes:
We may process your personal data to comply with legal obligations to which we are subject (e.g. regarding data retention under commercial or tax law). The legal basis for such data processing is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the relevant legal provisions.
We may process your personal data if we sell our company, part of it or other assets, or if we buy another company, part of it or other assets. The legal basis for this data processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in promoting the development of our company through mergers and acquisitions.
We may be legally obliged to participate in investigations and proceedings of public authorities and the government. The legal basis for such processing is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the respective provision establishing our legal obligations.
We may also process your personal data to protect our rights and security, our contractual and business partners and others, including through assertion or participation in legal proceedings. The legal basis for this data processing is either a respective legal obligation to this effect (Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the relevant legal provisions) or our legitimate interest or of those affected to assert legal claims (Art. 6 para. 1 sentence 1 lit. f GDPR).
For some of the aforementioned purposes, we may have your personal data processed by processors and transferred to them. The categories of processors include in particular:
The legal basis for respective data transfers is Art. 28 GDPR in conjunction with the respective data processing agreement concluded with the recipient. Through these agreements, we have contractually bound these recipients to process your personal data only on our behalf and in accordance with our instructions.
We will also disclose your personal data to other third parties for specific purposes and according to the legal bases set out above in this Privacy Policy, in particular to:
As part of your registration to use the app, we process the following personal data for the purposes stated in section 1:
When sharing your personal data with external recipients (see sections 2 and 3 above), some of your personal data may be transferred to other countries, including third countries outside the EU/EEA, where local laws may not provide the same level of protection for your personal data as the GDPR. Please note that data processed in another country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement and supervisory authorities. However, we will endeavor to take the necessary measures to maintain an adequate level of data protection when sharing your personal data with recipients based in such countries.
In the case of a transfer to a country outside the EEA, this transfer is either safeguarded by a so-called adequacy decision of the European Commission, in which it is declared that this country offers an adequate level of data protection, or, if such an adequacy decision does not exist, by the conclusion of EU standard contractual clauses and, if necessary, by additional measures.
We have appropriate, state-of-the-art security measures in place to protect against the loss, misuse and alteration of the personal data under our control. While we cannot ensure or guarantee that loss, misuse or alteration of data will never occur, we will use all reasonable efforts to prevent this.
We only retain your personal data for as long as is necessary for the purpose for which it is processed and will delete it afterwards unless we are required by law to retain it for a longer period (e.g. to comply with statutory retention obligations under tax law).
Depending on the circumstances of the specific case, you have the following data protection rights, which you may exercise by contacting us as set out in section 9 below:
8.1 Information
You have the right to request information about whether your personal data is retained and to request access to your personal data and/or copies of such data, including the purposes of the processing, the categories of data processed, its recipients as well as potential data retention periods.
8.2 Rectification, restriction of processing, deletion
You have the right to request the rectification, deletion or restriction of processing of your personal data, for example if (i) the data is incomplete or inaccurate, (ii) it is no longer necessary for the purposes for which it was collected or (iii) the consent on which the processing was based has been withdrawn.
8.3 Refusal or withdrawal of your consent to data processing
You have the right to refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to the processing of your personal data at any time.
8.4 Automated decision-making including profiling
You have the right not to be subject to any automated decision-making, including profiling, which produces legal effects on you or affects you with similar significance.
8.5 Right to data portability
You have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from use. You also have the right to transmit this data directly to another controller, where technically feasible.
8.6 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, where we process your personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Art. 6 para. 1 sentence 1 lit. e GDPR) or where we process your personal data on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). In case we process your personal data for direct marketing purposes, you also have the right to object at any time.
8.7 Right to lodge a complaint with the competent supervisory authority
You have a right to take legal action against any potential breach of your rights regarding the processing of your personal data, as well as to lodge a complaint with the competent supervisory authority.
The controller responsible for data processing is
ATCP Management GmbH, Wittestraße 30, House F, 13509, Berlin
E-mail: atcp.info@aroundtown.de
Please contact einwilligung@aroundtown.de if you wish to be removed from the newsletter or any mailing lists you may have subscribed to.
For questions, suggestions, and comments on the subject of data protection, you can also contact our Group Data Protection Officer at any time.
We reserve the right to amend this privacy policy from time to time in accordance with applicable data protection regulations.